Biggest cause of data leaks: Human errors


Biggest cause of data leaks: Human errors

Your colleague is about to cause a major data breach, worth USD 4.4 million. We hear you thinking... surely a colleague can't be responsible for that? Unfortunately, human error is often the cause of data breaches, in 82% of the cases. Human error is by far the greatest threat to data security for all companies in the world. And, therefore, also for your company.

In this article you will read why an error made by you or your colleague is the main cause of data leaks worldwide, what these errors look like and what you can do to prevent these costly mistakes as much as possible.

 


Mistakes happen

According to Verizon's latest report, 82% of breaches involved the Human Element, including social attacks, errors and misuse. This means that employees can be the weakest link in the chain of data security

Employees are on the front lines when it comes to malware and virus attacks. But even without an external attack, things can go very wrong by, for example, sending an email containing personal data to the wrong person. The most common mistakes are made with the best of intentions, but these days they are punished extra harshly.

Phishing is by far the mistake that hurts the most in the wallet. An average of $4.9 million is lost to a phishing attack!


Here are two examples of human errors that we often hear about:

Human error example 1: Sensitive personal data sent to the wrong person

Ellen is about to send an email. Both the message and the attachments contain privacy-sensitive information. The message is intended for Matthew, the accountant who has requested specific information.

At the recipient's field, she starts typing the name, and when she gets to "Mat..." she presses enter. Ellen thinks that the email program has automatically completed the name Matthew, with the associated email address.

She then presses send, and the email is sent. But what does it turn out to be? The email was sent to Mathilda, from an external company, with whom she has regular email contact. Mathilda has now received all the data, which was not intended for her.

 

Ask yourself: what would happen if privacy-sensitive information of your organization falls into the wrong hands?

 

Human error example 2: Responding to a phishing email

Peter is busy with his daily work at the office when an email from his boss appears in his mailbox. The subject line reads "urgent request," so Peter opens the message. In the email, the boss is asking him to pay an important invoice quickly, as he himself is in a meeting with the board of directors all day. If it isn't paid before the bank closes, production will be delayed.

Without thinking about it, Peter opens the attachment and does as he is asked. The next day, Peter tells his boss that everything is settled as far as the payment is concerned. His boss asks him what payment he is talking about. At that point, Peter quickly returns to his computer and realizes that the email address of the email in question does not match his boss'.

phishing-growing (1)

 

The cost of such mistakes?

Recently, the Cost of a Data breach Report 2022 came out. With not so good news. 83% of organizations in the study have experienced 1 or more data breaches. The cost of a data breach? We said it before, an average of $4.4 million. This is a growth of 2.6% compared to 2021.


Not only that, you can also expect a heavy fine for not complying with the HIPAA, or other regulations like the CCPA or the GDPR (if your business also operates with European data). HIPAA violation fines can be issued up to a maximum level of $25,000 per violation category, per calendar year, and the minimum fine applicable is $100 per violation.

 

Would you like to read more about data breaches? Click here for our dedicated page on preventing data breaches.

 

 

Tips to prevent human error

Having an IT department with security & data experts is not enough to prevent mistakes. Your cybersecurity battle plan must include several components, from employees to technology. Only then will it be possible to avoid a data breach of 4.2 million euros and a fine. Are you shaping your battle plan? Get inspired by the tips below!

 

Information and training

Good information is essential when it comes to preventing mistakes. Before you or a colleague clicks on a malicious link, in many cases something has gone wrong in preventing a phishing attack. It is the responsibility of management and security to educate everyone in the organization about phishing. Only 1 in 5 companies has trained its employees to recognize a phishing attack.

 

Email security solution

Unfortunately, there are still too many companies that have not installed email security. Probably because many companies think that the spam filter protects them sufficiently. By choosing the right solution, you can send and receive messages securely, so that privacy-sensitive information remains protected. A solution that increases awareness when processing sensitive data and that allows you to recall sent emails will be able to correct mistakes. Do you get notifications when sensitive information has been added to the email? Is it possible to check whether the correct recipient or files have been selected before sending?  By doing so, you ensure sensitive data is shared with the right security and the right information is shared with the right recipient(s).

 

Machine learning

Imagine you want to send a quick email on a busy day. You don't have time to pay attention, but that's not a problem: you have a computer that constantly checks for you, whether the email you are writing contains sensitive information and, if necessary, provides your email with the necessary security. The effect of this form of Machine Learning is that, as an end user, you don't have to be constantly aware of email security. Every time your computer suspects a risk, you get a notification and your email is sent securely.



Additional Quick Tips:

  • Use a zero trust security model to prevent unauthorized access to sensitive data. Results of the study show that organizations with a mature zero trust security model, lost 1.4 million euros less in a data breach.
  • Protect sensitive data in cloud environments with policy and encryption. With the increasing amount and value of data hosted in cloud environments, organizations must take steps to protect databases hosted in the cloud.
  • Use tools that help you protect and monitor your remote workers.
  • Create an "incident response" plan to test and possibly tighten your data security measures.
  • Invest in risk management and prepare your organization for any data breach.

 


Start choosing the right email security now

Choosing an email solution is not done in a day. Because what do you need as an organization? And how do the various email providers solve this? We have created a handy whitepaper that can help you with your choice!

 

secure email solution

 

Similar posts